Deleting Files from an Encryption Zone with Trash Enabled

Information on deleting files from an encryption zone with trash enabled.

The trash location for encrypted HDFS files is different from the default trash
location for unencrypted files, which is
/user/$USER/.Trash/Current/OriginalPathToDeletedFile.

When trash is enabled and an encrypted file is deleted, the file is moved to the
.Trash subdirectory under the root of the encryption zone as
/EncryptionZoneRoot/.Trash/$USER/Current/OriginalPathToDeletedFile.
The file remains encrypted without additional decryption/re-encryption overhead
during the move to trash. The move operation preserves the name of the user who
executes the deletion, and the full path of the deleted file.

Example

For example, if user hdp-admin deletes file
/zone_name/file1 using the following command:

hdfs dfs -rm /zone_name/file1

file1 will remain encrypted, and it will be moved to the following
location within the encryption zone:

/zone_name/.Trash/hdp-admin/Current/zone_name/file1
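
The two trash layouts described above can be resolved with a small shell helper, shown here as an added example that is not part of the original documentation. It assumes a zone listing with one zone per line (zone path, then key name, separated by whitespace, as produced by hdfs crypto -listZones) and paths without spaces; the function name, the second zone and the key names are constructed for illustration.

```shell
# Constructed sample zone listing; on a cluster, pass the output of
# `hdfs crypto -listZones` as the third argument instead.
ZONES_SAMPLE='/zone_name  key1
/data/secure  key2'

# trash_path USER ORIGINAL_PATH [ZONE_LISTING]
# Prints where ORIGINAL_PATH is expected to land after USER deletes it
# with trash enabled.
trash_path() {
    tp_user=$1
    tp_path=$2
    tp_zones=${3:-$ZONES_SAMPLE}

    # Find the encryption zone root that contains the path, if any.
    # The "$zone"/* pattern matches on a path-component boundary, so
    # /zone_name2/file1 is not mistaken for a file inside /zone_name.
    tp_root=$(printf '%s\n' "$tp_zones" | while read -r zone _key; do
        zone=${zone%/}
        [ -n "$zone" ] || continue
        case "$tp_path" in
            "$zone"/*) printf '%s\n' "$zone"; break ;;
        esac
    done)

    if [ -n "$tp_root" ]; then
        # Encrypted file: trash lives under the root of the encryption zone.
        printf '%s/.Trash/%s/Current%s\n' "$tp_root" "$tp_user" "$tp_path"
    else
        # Unencrypted file: default per-user trash location.
        printf '/user/%s/.Trash/Current%s\n' "$tp_user" "$tp_path"
    fi
}

trash_path hdp-admin /zone_name/file1
trash_path hdp-admin /zone_name2/file1
```

The first call reproduces the location from the example above; the second shows a path outside any encryption zone falling back to the default per-user trash.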

A trash checkpoint will be created for the .Trash subdirectory in
each encryption zone. Checkpoints will be deleted/created according to the value of
fs.trash.checkpoint.interval (number of minutes between trash
checkpoints). A checkpoint for this example would be: